<?php
include '../connectdb.php';
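if (isset($_GET['del'])) {
    // Remove one admin and its permission rows, then bounce back to the list.
    // admin_id arrives on the query string, so it is cast to int and bound as a
    // parameter instead of being spliced into the SQL text.
    $delId = isset($_GET['admin_id']) ? (int) $_GET['admin_id'] : 0;
    // NOTE(review): this state change is triggered by a plain GET link with no
    // CSRF token, and nothing in this file checks that the caller may manage
    // admins; the include at the top may enforce that — confirm.
    $deletes = array(
        'DELETE FROM admin WHERE admin_id = ?',
        'DELETE FROM admin_permission WHERE admin_id = ?',
    );
    foreach ($deletes as $sql) {
        $stmt = mysqli_prepare($link, $sql);
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'i', $delId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }
    header('Location: main.php?permission=true');
    die;
}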
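if (isset($_POST['action'])) {
    // Handle the add/edit form post. $id ends up holding the admin row the
    // submitted permission checkboxes belong to; 0 means no row was written.
    $id = 0;
    // Reads one scalar POST field as a string; missing or nested values become ''.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
    };
    $user = $field('user');
    $password = $field('password');
    $lv = $field('lv');
    if ($_POST['action'] === 'add') {
        if ($user && $password && $lv) {
            // NOTE(review): admin_password is stored exactly as submitted, as the
            // original did; moving to password_hash() has to be done together with
            // the login check, which is not in this file.
            $stmt = mysqli_prepare($link, 'INSERT INTO admin (admin_user, admin_password, lv) VALUES (?, ?, ?)');
            if ($stmt !== false) {
                mysqli_stmt_bind_param($stmt, 'sss', $user, $password, $lv);
                if (mysqli_stmt_execute($stmt)) {
                    $id = (int) mysqli_insert_id($link);
                }
                mysqli_stmt_close($stmt);
            }
        }
    } else { // edit
        $id = (int) $field('admin_id');
        if ($id && $user && $lv) {
            // The password column is only touched when a new password was typed.
            if ($password) {
                $stmt = mysqli_prepare($link, 'UPDATE admin SET lv = ?, admin_password = ? WHERE admin_id = ?');
                if ($stmt !== false) {
                    mysqli_stmt_bind_param($stmt, 'ssi', $lv, $password, $id);
                }
            } else {
                $stmt = mysqli_prepare($link, 'UPDATE admin SET lv = ? WHERE admin_id = ?');
                if ($stmt !== false) {
                    mysqli_stmt_bind_param($stmt, 'si', $lv, $id);
                }
            }
            if ($stmt !== false) {
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        }
    }
    // Replace the admin's permission set with whatever checkboxes were submitted.
    if ($id) {
        $stmt = mysqli_prepare($link, 'DELETE FROM admin_permission WHERE admin_id = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'i', $id);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $arr = array();
        $checked = (isset($_POST['chk_permission']) && is_array($_POST['chk_permission']))
            ? $_POST['chk_permission']
            : array();
        if (count($checked) > 0) {
            $stmt = mysqli_prepare($link, 'INSERT INTO admin_permission (admin_id, h_id) VALUES (?, ?)');
            if ($stmt !== false) {
                // Bind once; $hId is reassigned per row because bind_param takes it by reference.
                $hId = '';
                mysqli_stmt_bind_param($stmt, 'is', $id, $hId);
                foreach ($checked as $val) {
                    if (!is_scalar($val)) {
                        continue; // nested arrays are not valid h_id values
                    }
                    $hId = (string) $val;
                    $arr[] = $hId;
                    mysqli_stmt_execute($stmt);
                }
                mysqli_stmt_close($stmt);
            }
        }
        // NOTE(review): this overwrites the current session's permission list with
        // the edited admin's set, even when editing a different admin — confirm
        // that is intended.
        $_SESSION['permission'] = $arr;
    }
}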
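// Escapes a value for insertion into HTML text or a double-quoted attribute.
$esc = function ($v) {
    return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
// Loads the home stays offered as permission checkboxes, as a list of
// array('home_stay_id' => ..., 'home_stay_name' => ...) rows.
$loadHomeStays = function ($link) {
    $list = array();
    $result = mysqli_query($link, "SELECT home_stay_id, home_stay_name FROM home_stay WHERE home_stay_id > 0");
    if ($result) {
        while ($r = mysqli_fetch_array($result)) {
            $list[] = array(
                'home_stay_id' => $r['home_stay_id'],
                'home_stay_name' => $r['home_stay_name'],
            );
        }
    }
    return $list;
};
// Loads the h_id values granted to one admin; the id is cast to int before it
// reaches the SQL text.
$loadPermissions = function ($link, $adminId) {
    $ids = array();
    $result = mysqli_query($link, "SELECT h_id FROM admin_permission WHERE admin_id = " . (int) $adminId);
    if ($result) {
        while ($r = mysqli_fetch_array($result)) {
            $ids[] = $r['h_id'];
        }
    }
    return $ids;
};
if (isset($_GET["add"]) || isset($_GET["edit"])) {
    // Add/Edit form. $row carries defaults so the add form renders without a
    // database row; every echoed value goes through $esc.
    $editId = isset($_GET["admin_id"]) ? (int) $_GET["admin_id"] : 0;
    $url = "main.php?permission=true";
    $row = array('admin_user' => '', 'lv' => 0);
    $arrPermission = array();
    if (isset($_GET["edit"])) {
        $action = 'edit';
        $result = mysqli_query($link, "SELECT * FROM admin WHERE admin_id = " . $editId);
        $found = $result ? mysqli_fetch_array($result) : null;
        if ($found) {
            $row = $found;
        }
        $arrPermission = $loadPermissions($link, $editId);
    } else {
        $action = 'add';
    }
    $rs_h_Stay = $loadHomeStays($link);
    ?>
    <form action="<?php echo $esc($url) ?>" method="POST">
        <input type="hidden" name="action" value="<?php echo $esc($action) ?>" />
        <input type="hidden" name="admin_id" value="<?php echo $editId ?>" />
        <table border="1" width="764">
            <tr>
                <td colspan="2" align="center"><h3>Add/Edit Admin</h3></td>
            </tr>
            <tr>
                <td>user</td>
                <td><input type="text" name="user" value="<?php echo $esc($row['admin_user']); ?>" <?php if (isset($_GET["edit"])) echo 'readonly'; ?> /></td>
            </tr>
            <tr>
                <td>password</td>
                <td><input type="password" name="password" /> <?php
                    if (isset($_GET["edit"])) {
                        echo '<font color="red" size="2">* กรอก password เมื่อต้องการเปลี่ยนเท่านั้น</font>';
                    }
                    ?></td>
            </tr>
            <tr>
                <td>level</td>
                <td>
                    <select name="lv" class="input-small">
                        <option value="1" <?php if ($row['lv'] == 1) echo 'selected'; ?> >1</option>
                        <option value="2" <?php if ($row['lv'] == 2) echo 'selected'; ?> >2</option>
                    </select>
                </td>
            </tr>
            <tr>
                <td>permission</td>
                <td>
                    <?php
                    foreach ($rs_h_Stay as $j => $stay) {
                        $checked = in_array($stay['home_stay_id'], $arrPermission) ? 'checked' : '';
                        ?>
                        <input name="chk_permission[]" type="checkbox" value="<?php echo $esc($stay['home_stay_id']); ?>" <?php echo $checked; ?>> <?php echo $esc($stay['home_stay_name']); ?>
                        <?php
                        if (($j + 1) % 3 == 0) {
                            echo '<br>'; // three checkboxes per line
                        }
                    }
                    ?>
                </td>
            </tr>
            <tr>
                <td colspan="2" align="center"><input type="submit" value="submit" class="btn btn-primary" /></td>
            </tr>
        </table>
    </form>
    <?php
} else {
    // Admin list: one row per admin with a read-only view of its permissions.
    // Only the columns shown are selected, so admin_password never reaches the view.
    $rs_h_Stay = $loadHomeStays($link);
    ?>
    <script type="text/javascript">
        function confirm_delete(url) {
            if (confirm("โปรดยืนยันการลบข้อมูล")) {
                location.href = url;
            }
        }
    </script>
    <table border="1" width="764">
        <tr>
            <td colspan="7" align="center"><h3>Admin Management</h3></td>
        </tr>
        <tr>
            <td colspan="7" align="right"><a href="main.php?permission=true&add=true">+Add</a></td>
        </tr>
        <tr>
            <td>id</td>
            <td>user</td>
            <td>level</td>
            <td>permission</td>
            <td>edit</td>
            <td>delete</td>
        </tr>
        <?php
        $result = mysqli_query($link, "SELECT admin_id, admin_user, lv FROM admin");
        while ($result && ($row = mysqli_fetch_array($result))) {
            $adminId = (int) $row['admin_id'];
            $arrPermission = $loadPermissions($link, $adminId);
            ?>
            <tr>
                <td> <?php echo $adminId; ?> </td>
                <td><?php echo $esc($row['admin_user']); ?></td>
                <td><?php echo $esc($row['lv']); ?></td>
                <td>
                    <?php
                    foreach ($rs_h_Stay as $j => $stay) {
                        $checked = in_array($stay['home_stay_id'], $arrPermission) ? 'checked' : '';
                        ?>
                        <input type="checkbox" value="<?php echo $esc($stay['home_stay_id']); ?>" disabled="disabled" <?php echo $checked; ?>> <?php echo $esc($stay['home_stay_name']); ?>
                        <?php
                        if (($j + 1) % 3 == 0) {
                            echo '<br>'; // three checkboxes per line
                        }
                    }
                    ?>
                </td>
                <td><a href="main.php?permission=true&edit=true&admin_id=<?php echo $adminId; ?>">edit</a></td>
                <td><a href="javascript:confirm_delete('main.php?permission=true&del=true&admin_id=<?php echo $adminId; ?>');">delete</a></td>
            </tr>
            <?php
        }
        ?>
    </table>
    <?php
}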
?>
